Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg, July 2021
Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• Microsoft MVP, Docker Community Leader & GitLab Hero
• Container, Kubernetes, Cloud-Native & DevOps
© white duck GmbH 2021
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org
Agenda
• What is Infrastructure as Code and why do we need it?
• Get started with Terraform
• Demo: Terraform on Azure
What is Infrastructure as Code?
Infrastructure as Code (IaC) is the management and
provisioning of infrastructure through code rather
than manual processes.
Infrastructure as Code is…
• version controlled through Git
• automated through CI/CD
• reusable
• self-documented
• declarative
Declarative vs imperative
Why do we need IaC?
• to prevent configuration drift
• to recover quickly (rollback, restore)
• to reproduce errors & test our infrastructure
• to reduce costs & time-to-market
Infrastructure vs. configuration
• infrastructure orchestration is used to provision & manage immutable infrastructure like Cloud resources
  • e.g. provisioning of a Resource Group containing a Function App
  • with Terraform, ARM Templates, Pulumi, AWS CloudFormation, …
• configuration management can be used to configure/maintain mutable resources
  • e.g. installing or configuring something within a Virtual Machine
  • with Ansible, Chef, Puppet, SaltStack, …
What is Terraform?
Terraform is an Infrastructure as Code tool that
provides a consistent CLI workflow to manage
hundreds of cloud services.
Terraform codifies cloud APIs into declarative
configuration files.
What is Terraform?
• consists of
  • a CLI
  • a domain specific language (DSL)
• supports hundreds of cloud services
• extendable and therefore flexible
• is not a configuration tool
• introduced and open-sourced by HashiCorp
• is de facto the tool of choice
Terraform Providers
• Terraform relies on plugins called "providers" to interact with Cloud resources
• Resource types are implemented by a provider
• Terraform itself cannot manage any resources
• are provided by
  • HashiCorp (official flag)
  • Cloud Providers and Third-Party (verified flag)
  • open-source community (community flag)
  • yourself :)
Terraform Modules
• are “containers” for multiple resources that are used
together
• are the main way to package and reuse resource
configurations
• are stored locally (subfolder) or can be shared/published
Terraform Registry
HashiCorp Configuration Language - HCL
• a DSL (domain specific language) used to describe resources
• there is also the Cloud Development Kit (CDK)
  • supports TypeScript, Python, Java, C#, Golang
  • early-stage project
  • https://github.com/hashicorp/terraform-cdk
HCL sample
Terraform workflow
Terraform State
• is used to map “real world” resources to your configuration
  • code → state ← real world
• stores Terraform-managed resources
• contains all infrastructure and metadata
  • incl. secrets!
• local by default but should be stored in a remote backend
  • Terraform Cloud
  • Azure Storage Account
  • AWS, GCP, GitLab, …
  • …
Terraform CLI
Terraform workflow
Production-ready workflow (PR)
Terraform sample project structure
Generic Providers
• Template Provider
  • allows injecting variables into config files
  • https://registry.terraform.io/providers/hashicorp/template/latest
• Random Provider
  • generates random strings, IDs, integers, passwords
  • https://registry.terraform.io/providers/hashicorp/random/latest
• TLS Provider
  • used to generate keys and certificates
  • https://registry.terraform.io/providers/hashicorp/tls/latest
• Null Provider
  • advanced - helps orchestrate tricky behavior or workarounds
  • https://registry.terraform.io/providers/hashicorp/null/latest
Terraform providers for Azure
• Azure RM provider
  • https://registry.terraform.io/providers/hashicorp/azurerm/latest
• Azure AAD provider
  • https://registry.terraform.io/providers/hashicorp/azuread/latest
• Azure Stack provider
  • https://registry.terraform.io/providers/hashicorp/azurestack/latest
• Azure DevOps provider
  • https://registry.terraform.io/providers/microsoft/azuredevops/latest
• GitHub provider
  • https://registry.terraform.io/providers/integrations/github/latest
Generic resources
• Data resource
  • used to retrieve metadata from unmanaged resources
• Remote state resource
  • used to retrieve metadata from “other” projects
  • https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state
Variables
• input variables
  • serve as parameters for a module or project
• output variables
  • child module can use outputs to expose resource attributes
  • print certain values in the CLI for further usage
• local variables
  • are a convenience feature for assigning a short name to any expression
Meta arguments & functions
• Terraform supports meta arguments like
  • count, for_each
  • depends_on, lifecycle
• and a variety of functions like
  • numeric, string, encoding, hash, crypto, …
  • https://www.terraform.io/docs/language/functions/index.html
Provisioners
• should only be used as a last option
• are not declarative!
• Terraform supports
  • file
  • local-exec
  • remote-exec
• https://www.terraform.io/docs/language/resources/provisioners/index.html
Environment stages in Terraform
• build one project for all stages (DEV, QS/QA, PROD, …)
• build it customizable via variables
• repositories vs branches
• state management via
  • Terraform “Workspaces”
    • uses one backend with multiple states
    • not supported by all backends
  • customizable backends
    • different Backend configurations
    • inject backend details via CLI/Shell
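The "customizable backends" option combined with remote state in an Azure Storage Account, as an added example that is not taken from the original slides. The resource names, the storage account and container names, and the `stage` and `location` variables are assumptions chosen for illustration.

```hcl
# Added example, not part of the original deck. All names used here
# (rg-tfstate-example, sttfstateexample, tfstate, var.stage) are assumptions.

terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    random  = { source = "hashicorp/random" }
  }

  # Partial backend configuration: nothing stage-specific and no credentials
  # live in the repository. The details are injected at init time, e.g.:
  #
  #   terraform init \
  #     -backend-config="resource_group_name=rg-tfstate-example" \
  #     -backend-config="storage_account_name=sttfstateexample" \
  #     -backend-config="container_name=tfstate" \
  #     -backend-config="key=dev.terraform.tfstate"
  #
  # Use a different "key" (or storage account) per stage so DEV, QA and PROD
  # never share a state file. The storage access key is read from the
  # ARM_ACCESS_KEY environment variable, not from a file in Git.
  backend "azurerm" {}
}

provider "azurerm" {
  features {}
  # Credentials stay out of the code: Azure CLI login locally, or
  # ARM_CLIENT_ID / ARM_CLIENT_SECRET / ARM_TENANT_ID / ARM_SUBSCRIPTION_ID
  # set by the CI/CD system for a service principal.
}

variable "stage" {
  type        = string
  description = "Environment stage this run deploys."

  validation {
    condition     = contains(["dev", "qa", "prod"], var.stage)
    error_message = "The stage must be one of dev, qa or prod."
  }
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azurerm_resource_group" "app" {
  name     = "rg-example-${var.stage}"
  location = var.location
}

# The Random provider generates the password, and the generated value is
# written to the state file in plain text.
resource "random_password" "db" {
  length  = 32
  special = true
}

# "sensitive" only redacts the value in plan/apply output; it is still
# readable by anyone who can read the state blob.
output "db_password" {
  value     = random_password.db.result
  sensitive = true
}
```

Because the generated password ends up in the state, read access to the state container should be limited to the identity that runs Terraform.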
Terraform vs ARM Templates
• Terraform
  • extendable and therefore flexible
  • multi-cloud
  • requires some work to run it production-ready (CI/CD, state)
  • also supports ARM templates for advanced use-cases
• ARM Templates
  • first-class support on Azure (but also limited to Azure)
  • “only” Azure resources, no Azure AAD, etc.
  • easy start with Bicep (https://github.com/Azure/bicep)
Demo: Terraform on Azure
• scaffold a first Terraform project
• provision some Azure resources
Authentication with Azure RM / Azure AD
• local Azure CLI
• Service Principal with a Client Certificate
• Service Principal with a Client Secret
• Managed Identity
Terraform scaffold for Azure
• provisions
  • a service principal used to run Terraform on behalf
  • a Storage Container used to store the Terraform state file
  • a Key Vault containing all secrets to allow easy and secure access
• https://github.com/whiteducksoftware/terraform-scaffold-for-azure
Questions?
Slides: https://www.slideshare.net/nmeisenzahl
Nico Meisenzahl (Senior Cloud & DevOps Consultant)
